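<?php
// Start the session before anything is sent to the client. The byte-order mark
// that used to precede the opening tag counted as output, which can stop the
// session cookie header from being emitted when output buffering is off.
session_start();
?>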
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<?php
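  /**
   * Error-handler callback: prints the error and stops the script.
   *
   * Not currently installed: the set_error_handler() call below is commented out.
   * NOTE(review): printing raw error text to the browser can disclose paths and
   * query fragments; consider logging it instead if this handler is re-enabled.
   *
   * @param int    $errno  Error level reported by PHP.
   * @param string $errStr Error message. It is HTML-encoded before output because
   *                       error text can contain request-derived values.
   */
  function myError($errno, $errStr)
  {
    $safeMessage = htmlspecialchars((string) $errStr, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<b>Error:</b> [" . (int) $errno . "] " . $safeMessage . "<br />";
    echo "goodbye";
    die();
  }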
//  set_error_handler("myError");
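// Admin gate: only a session flagged as admin may use this page; everyone else
// is redirected to index.php. The exit() after each header() is what actually
// stops the rest of the page from running, so it must stay.
// NOTE(review): markup has already been output above this block, so the Location
// header is only delivered when output buffering is enabled. Confirm, or move
// these checks above the DOCTYPE.
// NOTE(review): the comparison is loose (!=). If the login code stores the string
// "true", a strict !== would be the tighter check; verify against the login script.
if (!isset($_SESSION["admin"]) || $_SESSION["admin"] != "true") {
    header("Location: index.php");
    exit();
}

// All three ids must be present in the query string. The previous condition,
// !(isset(id) || !isset(productID) || !isset(catid)), only redirected when "id" was
// missing while the other two were present, so requests lacking productID or
// catid fell through to the code below.
if (!isset($_GET["id"], $_GET["productID"], $_GET["catid"])) {
    header("Location: main.php");
    exit();
}//end of checking for id's in querystring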
?>
<?php
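// Handles the upload / description form for one product image, then loads the
// stored image data for display. Sets $msg, $imgID, $img and $alt, which the
// markup further down the page prints.
//
// Security notes:
//  - Ids from the query string are cast to int and every value reaches SQL as a
//    bound parameter. Escaping alone does not protect an unquoted numeric slot.
//  - The upload is accepted on the server-detected content type plus an
//    extension allowlist. The browser-supplied MIME type and file name are not
//    trusted, since a script file stored under ../images could otherwise be served.
//  - NOTE(review): the form that posts here carries no anti-CSRF token; consider
//    adding a per-session token and verifying it before any write.
$msg = "";
// 0 means "new image"; anything non-numeric is treated the same way.
$imgID = (isset($_GET["id"]) && is_scalar($_GET["id"])) ? (int) $_GET["id"] : 0;
require("dbInc.php");
$imgProductID = (isset($_GET["productID"]) && is_scalar($_GET["productID"])) ? (int) $_GET["productID"] : 0;
$mysqliObj = new mysqli($dbHost, $dbUser, $dbPass, $dbDB);

// Server-detected MIME type => file extensions accepted for it.
$allowedImageTypes = array(
    "image/gif"  => array("gif"),
    "image/jpeg" => array("jpg", "jpeg", "jpe"),
    "image/png"  => array("png"),
);
// Size cap in bytes; it now applies to every type (operator precedence used to
// restrict it to PNG only).
$maxImageBytes = 512000;

if (isset($_POST["btnUpload"])) {
    $msg = "btnUpload set";
    $description = (isset($_POST["txtDescription"]) && is_string($_POST["txtDescription"]))
        ? $_POST["txtDescription"]
        : "";
    $upload = isset($_FILES["filImage"]) ? $_FILES["filImage"] : null;
    $uploadMsg = "";
    $fileRowWritten = false;

    // Only look at the upload when a single file was actually submitted.
    if (is_array($upload) && is_int($upload["error"]) && $upload["error"] !== UPLOAD_ERR_NO_FILE) {
        if ($upload["error"] > 0) {
            $uploadMsg = "issue: Return Code: " . $upload["error"] . "<br />";
        } else {
            $clientName = (string) $upload["name"];
            $dotPos = strrpos($clientName, ".");
            // Extension keeps its leading dot and original case, so the lookup
            // that rebuilds the file name from vPath further down still matches.
            $imgExt = ($dotPos === false) ? "" : substr($clientName, $dotPos);

            // Inspect the file content itself rather than the client's claim.
            $finfo = new finfo(FILEINFO_MIME_TYPE);
            $detectedType = $finfo->file($upload["tmp_name"]);
            $typeAllowed = is_string($detectedType)
                && isset($allowedImageTypes[$detectedType])
                && in_array(strtolower((string) substr($imgExt, 1)), $allowedImageTypes[$detectedType], true);

            if (!$typeAllowed || $upload["size"] > $maxImageBytes) {
                $uploadMsg = "Upload rejected: only GIF, JPEG or PNG images up to 500 KB are accepted.";
            } else {
                if ($imgID === 0) {
                    //new image upload
                    $stmt = $mysqliObj->prepare(sprintf(
                        "insert into %s (iProductID, vPath, vDescription) values (?, ?, ?)",
                        $tableImages
                    ));
                    if ($stmt && $stmt->bind_param("iss", $imgProductID, $clientName, $description) && $stmt->execute()) {
                        $imgID = (int) $mysqliObj->insert_id;
                        $fileRowWritten = true;
                    }
                } else {
                    //existing image update (the old statement quoted the values twice and could not run)
                    $stmt = $mysqliObj->prepare(sprintf(
                        "update %s set vPath = ?, vDescription = ? where id = ?",
                        $tableImages
                    ));
                    if ($stmt && $stmt->bind_param("ssi", $clientName, $description, $imgID) && $stmt->execute()) {
                        $fileRowWritten = true;
                    }
                }//end of double checking if new or existing image
                if ($stmt) {
                    $stmt->close();
                }

                if ($fileRowWritten && $imgID !== 0) {
                    // Integer id plus allowlisted extension: the target path
                    // cannot leave ../images or carry an executable suffix.
                    $newName = "../images/" . $imgID . $imgExt;
                    if (move_uploaded_file($upload["tmp_name"], $newName)) {
                        $uploadMsg = "Stored in: " . $newName . "";
                    } else {
                        $uploadMsg = "issue: the uploaded file could not be stored";
                    }
                } else {
                    $uploadMsg = "issue: the image record could not be saved";
                }
            }
        }//end of checking if valid file
    }//end of if file isset

    // Description-only update for an existing image. Skipped when the statement
    // above already wrote the description together with the file name.
    if ($imgID !== 0 && !$fileRowWritten) {
        $stmt = $mysqliObj->prepare(sprintf("update %s set vDescription = ? where id = ?", $tableImages));
        if ($stmt) {
            if ($stmt->bind_param("si", $description, $imgID) && $stmt->execute()) {
                $msg = "Image description updated";
            }
            $stmt->close();
        }
    }//end of checking if just existing image description update

    // An upload result (success or failure) takes priority, so it is no longer
    // overwritten by the description message.
    if ($uploadMsg !== "") {
        $msg = $uploadMsg;
    }
}//end of checking if form submitted

$img = "";
$alt = "";
if ($imgID !== 0) {
    $stmt = $mysqliObj->prepare(sprintf("select vPath, vDescription from %s where id = ?", $tableImages));
    if ($stmt) {
        $stmt->bind_param("i", $imgID);
        $stmt->execute();
        $stmt->bind_result($storedPath, $storedDescription);
        if ($stmt->fetch()) {
            $storedPath = (string) $storedPath;
            $dotPos = strrpos($storedPath, ".");
            // The stored file is named "<id><extension of the original name>".
            // A name without a dot is appended whole, as the earlier code did.
            $img = $imgID . (($dotPos === false) ? $storedPath : substr($storedPath, $dotPos));
            $alt = str_replace("\'", "'", (string) $storedDescription);
        }//end of checking if data returned
        $stmt->close();
    }
}//end of populating info if existing image
$mysqliObj->close();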
?>
<title>Product Image</title>
<link type="text/css" rel="stylesheet" href="../styles.css" />
<script type="text/javascript" language="javascript">
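function checkMsg() {
    <?php
    // json_encode() with the JSON_HEX_* flags emits a complete, quoted JS string
    // literal in which quotes, backslashes, line breaks, <, > and & are escaped,
    // so the message can neither end the string early nor close the surrounding
    // <script> element. An unencodable message degrades to an empty string.
    $msgJson = json_encode((string) $msg, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    ?>
    var msg = <?php echo ($msgJson === false) ? '""' : $msgJson; ?>;
    if (msg.length > 0) {
        alert(msg);
    }
}//end of checkMsg function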
</script>
</head>
<body onload="checkMsg();">
<iframe name="logoFrame" id="logoFrame" src="../logo.htm" border="0" height="120" align="top" frameborder="0" marginheight="0" width="100%" scrolling="no">
<a href="http://www.blindza.co.za/" target="_blank">
<img src="../logo/blindza_logo_smaller46.jpg" alt="blindZA.co.za logo - white text on black background, with white border - and red braille version hovering in front of normal text" width="317" height="103" border="0" />
</a>
</iframe>
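<?php
// Query-string values are attacker-controlled. URL-encode them before they are
// written into the href so they cannot break out of the attribute.
$backCatID = isset($_GET['catid']) ? urlencode((string) $_GET['catid']) : '';
$backProductID = isset($_GET['productID']) ? urlencode((string) $_GET['productID']) : '';
?>
<a href="product.php?catid=<?php echo $backCatID; ?>&amp;id=<?php echo $backProductID; ?>">Back to product page</a>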
<h2>Product Image</h2>
<?php
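// $msg can contain request-derived text (ids, file name), so it is HTML-encoded
// on output. Any markup inside the message is therefore shown as literal text.
if (strlen($msg) > 0) {
    echo "<p class='error'>" . htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</p>";
}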
?>
<?php
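// The file name and description come from stored data that an earlier form
// submission supplied. Encode both for the single-quoted attributes they are
// written into (ENT_QUOTES covers the apostrophe).
if ($img != "") {
    $imgSrcAttr = htmlspecialchars((string) $img, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $imgAltAttr = htmlspecialchars((string) $alt, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<img src='" . $imgSrcAttr . "' alt='" . $imgAltAttr . "' />\n";
}//end of checking for image to display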
?>
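<?php
// The ids written into the action URL originate from the query string.
// URL-encode them so they cannot close the attribute or inject markup.
$formProductID = isset($_GET['productID']) ? urlencode((string) $_GET['productID']) : '';
$formCatID = isset($_GET['catid']) ? urlencode((string) $_GET['catid']) : '';
$formImgID = urlencode((string) $imgID);
?>
<form action="productImage.php?productID=<?php echo $formProductID; ?>&amp;catid=<?php echo $formCatID; ?>&amp;id=<?php echo $formImgID; ?>" method="post" enctype="multipart/form-data">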
<table align="center" border="0">
<tr>
<th align="right">Choose image file</th>
<td>
<input type="file" name="filImage" id="filImage" />
</td>
</tr>
<tr>
<th align="right" valign="top">Image description</th>
<td>
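<textarea id="txtDescription" name="txtDescription" multiline="flase" rows="2" cols="50"><?php /* stored description: HTML-encode so it cannot close the textarea and inject markup */ echo htmlspecialchars((string) $alt, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></textarea>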
</td>
</tr>
<tr>
<th align="center" colspan="2">
<input type="submit" name="btnUpload" value="Upload-update image" />
</th>
</tr>


</table>
</form>
</body>
</html>